I had some issues with Avast that Im trying to straighten out but in the meantime to not be left vunerable I installed AVG.
It cleaned out about 10 trojan horse virus’s that were sitting in either old backedup .rar or .zip files that I had from ages ago, or in some old junkmail emails from when I was running windows vista in it’s email .eml files. Anyway they were all put to the virus vault.
Now I get a notification from AVG that said it had found a virus or threat…
I told it to move it to the vault and as soon as it did my screen went black, and the computer rebooted and started back up fine. I looked in the virus vault and the program does list that file as being quarantined in there so…
Anyway I searched google for both nnnllmm.dll as well as Trojan Horse BHO.AZN but failed to find information for either search term.
Anybody have any clues as to what this virus is, what it can do etc.?
Well a google search for nnnllmm.dll on its own returns 6 hits, some that need translation. This would seem to indicate Vundo/Virtumond (adware) infection
Thanks, the Virtuemonde did indeed find 3 files that it removed. This suprised me since what I read was that the user might experience pop up type browser windows informing them of virus’s or malware etc. I’ve not experienced this but never the less it was there.
Still have problems with AVG and it’s resident shield. Upon starting computer, resident shield is turned off and can’t be turned on as it’s a grayed out option. Upon repairing AVG the option becomes available again, the next time I reboot, the option is grayed out again and a repair is needed to get it working again. This is basically the same situation that I had with Avast. Even after using the virtumonde program to remove the 3 files, a reboot causes this strange behavior the same as it caused in Avast.
Since you folks seem more helpful to me than the folks at AVG, I’ll uninstall AVG and reinstall Avast in hopes that folks here will continue to help me work through this problem.
I’m an ex AVG user. I’m here quite some time and among other reasons, support and help 8)
Adam, right now, if you’re infected with Vundo/Virtumond you could, please, download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the Scan for Vundo button.
Once it’s done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from “Click the
Scan for Vundo button.” when VundoFix appears at reboot.
A log will be produced which you can post in your next response.
I think the key words are ‘might experience’ because the vundo/virtumond has many variants.
Obviously we can’t help with any AVG related issue as we don’t have it installed, but we are more than willing to help where we can with this and avast.
I ran this last night after DavidR posted the links to Virtumonde. It indeed did find 3 files, and it cleaned them and rebooted the computer. I’ve run it again from the link Tech Provided to be certain it didn’t miss anything and indeed the program informs me no files can be found. So the first pass must have gotten them.
Im not sure where it would keep this log, I don’t see any new files on my desktop which is where I would have thought it would write a log file. If it writes them somewhere else let me known and I’ll see if I can find it on my computer and post it to a message here.
DavidR, Yes I ran both the rootkit software and it found nothing. I also ran spybot search and destroy as well as adaware and both brought back the usual suspects of tracking cookies but nothing more.
I’ve also “immunized” my PC with the spybot and it is catching a registry change on behalf of AVG, something about wanting to delete a registry value. I have a sneaking suspicion that what ever is trying to delete this registry value is what is causing AVG to turn off the Resident shield. Because when I deny it the permission to change the registry value, the resident shield stays running like it should. I’ve not actually allowed it permission to change the value, so I can’t say for certain that by allowing it to do so would turn off the resident shield until it is reinstalled again or not. I guess I’ll have to try that and post back about it. But it seems quite likely to me that if whatever is trying to change the registry value is turning off the resident shield in AVG then it’s highly likely that it’s the same thing that is turning off the On-Access scanner features of Avast.
The spybot log shows the following lines:
9/14/2007 11:49:48 PM Denied (based on user decision) value “AVG7_Run” (new data: “”) deleted in System Startup user entry!
9/15/2007 11:09:09 AM Denied (based on user decision) value “AVG7_Run” (new data: “”) deleted in System Startup user entry!
I’ll do a reboot and let whatever it is to change the registry value and see if the resident shield gets disabled again, that will certainly tell me that somewhere on my computer, something is doing this on purpose and it’s no fluke.
Glad that you finally succeed 8)
Welcome to avast forum and feel free to come back any time you need help. Better, login sometime to help the others 8)
Okay, I’ve uninstalled AVG, rebooted, and reinstalled Avast and updated. All seems well again and all seems normal at this time.
Thanks to all, especialy the links to the Vundofix program to get what there was off of my computer.
Im now happily chugging along again with Avast protecting my system. Though Im just slightly concerned that those files got on my system when it’s been Avast that has been protecting my system since February when I did a reformat of my HDD and reinstalled windows, all programs and avast. I don’t usually turn off my anti-virus program for anything (even when games suggest turning off firewalls and antivirus software I won’t do it) so Im not sure how those three files managed to get through Avast in the first place. But… Im now armed with four more tools that I can run (rootkit, spybot, adaware and vundofix) to keep my system a bit more clean and creepy crawly free.
When you have finished, scan for out-of-date and insecure software using Secunia Software Inspector and update any vulnerable software: this will help to prevent future infections. (In the case of Vundo, it’s often an older version of Sun Java that has the vulnerability that allows the infection.)
The other one that states file missing:
O2 - BHO: (no name) - {93236595-2BE6-4B17-B1CF-F6D00911F37B} - C:\WINDOWS\system32\jkhfg.dll (file missing)
was one of the files that the virtumon program removed from the computer, yet it still appears in the list.
I think the iWinArcadeIECleanup remains because I just uninstalled the IWin browser game thingy (plugin??) and have yet to reboot my system as Im currently doing those online scans that you suggested first. Im pretty sure it will end up getting removed after a reboot.
Should I be concerned that the files are missing but the entrys remain?
Understood, thanks. In this circumstance however, I am rather certain that some of those files were indeed removed by the virtu program, and the nnnllmm.dll was removed by AVG.
When AVG removed the nnnllmm.dll file it caused my computer screen to go black and a reboot of the system, but scanning after that and AVG did not report nnnllmmm.dll on my system. Now a full scan with Avast this morning also did not report any trojans, or viruses as being present. Im still doing the online f-secure test to see if it will detect something avast doesn’t.
I find it strange though that Avast never reported the nnnllmmm.dll file to me since last february. Perhaps installing AVG caused something to activate or use that file which made AVG report it as a threat. I dunno.
If this was as indicated a Vundo/Virtumond this is an adware infection and although avast detects some adware infections it isn’t a specialist anti-adware/spyware program and no one program is likely to give 100% protection. That is why we usually suggest that people also have an anti-spyware application to compliment avast. The AVG anti-spyware is one, SuperAntiSpyware or SpywareTerminator are others. SpywareTerminator provides resodent anti-spyware protection where the other two are on-demand (after 30 day trial of AVG-AS).